diff options
| author | Daniel Shahaf <d.s@daniel.shahaf.name> | 2020-07-02 17:40:18 +0000 |
|---|---|---|
| committer | Daniel Shahaf <d.s@daniel.shahaf.name> | 2020-07-05 11:11:22 +0000 |
| commit | 63fde0b744130d95e463299e204ddc5c46199b08 (patch) | |
| tree | d70e49853c861b2a381c590143686f93a12481dc /ChangeLog | |
| parent | 4e471c3f899b485e7a4122c75da1500c2d509236 (diff) | |
| download | zsh-63fde0b744130d95e463299e204ddc5c46199b08.tar.gz zsh-63fde0b744130d95e463299e204ddc5c46199b08.tar.xz zsh-63fde0b744130d95e463299e204ddc5c46199b08.zip | |
46174/0001: test harness: Plug a symlink attack
The test harness created tempfiles with a predictable names and sourced
them without verifying they had been created by itself. This opened
anyone who ran the test suite to a symlink attacks from other local
users on the build machine.
Fix this by creating the file whilst NO_CLOBBER and ERR_EXIT are both in
scope, to ensure that we'll abort unless the file really was created as
expected.
Put the existing rm(1) call in a try/always block to help it be unlinked
on test failures, thus reducing the chances of the NO_CLOBBER check
triggering on tempfiles created by earlier test suite runs.
I had first tried to fix this by using the
.
() { ... } =(:)
.
idiom, but couldn't get that to work: it broke the %prep code of X03
with ZTST_verbose unset (its default value) but not with ZTST_verbose=3.
(I tried to set the latter to debug zpty_flush.)
While there, add a needed-in-principle-but-noop-in-this-specific-case (q).
Indentation will be restored in the next commit.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index fa1c74563..a40cf72d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2020-07-05 Daniel Shahaf <d.s@daniel.shahaf.name> + + * 46174/0001: Test/comptest: test harness: Plug a symlink attack + 2020-07-03 Matthew Martin <phy1729@gmail.com> * 46168: Src/builtin.c, Test/B01cd.ztst: Update $PWD and call |